Very weird access problem

We have a server in our data centre that is running cPanel on an ESXi VS. We are connected to this server by our MPLS/VPLS connection and have all the appropriate port forwarding etc. The server's external IP address is on the same range as our connection but we get access by the internal range. Other networks are able to get access to the server and everything is fine in that regard.

We have an issue with other clients who are using our MPLS/VPLS service that host with, they cannot get to the server. They are on the same external IP range but a different internal IP range. All the routing has been configured correctly and we can get access to the ESXi page from any of our clients on the IP address that is allocated to the server. So we know it's not routing at the MPLS/VPLS service end. But none of them can get access to the cPanel server.

All of the clients can ping the server, tracert to the server, etc., but cannot get to the server in any other way on any port.

Has anyone got any ideas on where we can look to resolve this issue? I have gone through the cPanel setup extensively and checked iptables and nothing appears to be blocking our external IP range. I have been through the logs extensively and there are no log entries at all for our IP range, so I think it's safe to assume the connections aren't getting to cPanel itself and are being blocked at either the CentOS install or ESXi, but again nothing shows that this is the case.

Staff Member

Rather than checking logs, the best idea is to use tcpdump to see if they are connecting:

Code:

tcpdump src clientIP#

Replace clientIP# with the client's IP number. If they are connecting at all, it should show the connection. If they aren't connecting, it should show they are not. If they aren't even reaching the machine via a tcpdump, at that point it becomes a networking issue, and no-one can really resolve that but someone with access to the network, preferably a network engineer.

Now, if they are reaching the machine when trying to SSH or access cPanel, then something on the machine is blocking the access attempt. It could be cPHulk Brute Force Protection, which logs in WHM > cPHulk Brute Force Protection and in mysql command line to the cphulkd database. Alternatively, it could be WHM > Host Access Control blocking any IPs outside a set range for set services. The contents of Host Access Control can be written to /etc/hosts.allow and /etc/hosts.deny locations.
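An added example, not part of either poster's reply: one way to read the tcpdump output described above when ping works but TCP does not. It assumes the capture was taken with `tcpdump -n host clientIP# and tcp` (both directions, not just `src`); the function name, verdict strings, addresses and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a text capture taken on the server with
#   tcpdump -n host <client-ip> and tcp
# ("host" rather than "src", so the server's replies are captured too).

# classify_capture CLIENT_IP SERVER_IP   (tcpdump -n text on stdin)
classify_capture() {
    awk -v c="$1" -v s="$2" '
        $2 == "IP" && $6 == "Flags" {              # TCP lines only; ICMP is skipped
            src = $3; sub(/\.[0-9]+$/, "", src)    # drop ".port"
            dst = $5; sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)
            fl = $7; sub(/^\[/, "", fl); sub(/\],?$/, "", fl)
            if (src == c && dst == s && fl == "S")  syn++
            if (src == s && dst == c && fl == "S.") synack++
            if (src == s && dst == c && fl ~ /R/)   rst++
        }
        END {
            if (!syn)        print "no-syn-seen"         # never reached this interface
            else if (synack) print "handshake-answered"  # TCP fine: check cPHulk / Host Access Control
            else if (rst)    print "reset-by-server"     # port closed or a REJECT rule
            else             print "syn-unanswered"      # dropped by a packet filter, or the reply left another way
        }'
}

# Constructed sample: ping is answered, but the SYNs to port 2087 get no reply.
sample_unanswered() { cat <<'EOF'
12:00:00.100000 IP 203.0.113.10 > 203.0.113.50: ICMP echo request, id 7, seq 1, length 64
12:00:00.100090 IP 203.0.113.50 > 203.0.113.10: ICMP echo reply, id 7, seq 1, length 64
12:00:01.000000 IP 203.0.113.10.51514 > 203.0.113.50.2087: Flags [S], seq 1000, win 64240, length 0
12:00:02.003000 IP 203.0.113.10.51514 > 203.0.113.50.2087: Flags [S], seq 1000, win 64240, length 0
EOF
}

# Constructed sample: the server completes the handshake.
sample_answered() { cat <<'EOF'
12:00:01.000000 IP 203.0.113.10.51520 > 203.0.113.50.2087: Flags [S], seq 2000, win 64240, length 0
12:00:01.000080 IP 203.0.113.50.2087 > 203.0.113.10.51520: Flags [S.], seq 9000, ack 2001, win 65160, length 0
12:00:01.000900 IP 203.0.113.10.51520 > 203.0.113.50.2087: Flags [.], ack 9001, win 502, length 0
EOF
}

echo "unanswered sample: $(sample_unanswered | classify_capture 203.0.113.10 203.0.113.50)"
echo "answered sample:   $(sample_answered | classify_capture 203.0.113.10 203.0.113.50)"
```

A `syn-unanswered` verdict means the packets arrive but no TCP reply is seen on the captured interface, which /etc/hosts.allow cannot explain because TCP wrappers only act after the handshake has completed.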

Thanks for those suggestions, yes connections are being made and thank you for that tip. Brute Force protection wasn't enabled, I have since enabled it and added in the required exceptions with no luck. I have also modified the /etc/hosts.allow file to allow the IP but still no luck.

Please note that all other IP ranges are able to access the server, just not IPs from the same range as the server is on. This is really bizarre.